IBM Support

IT33239: Reduction of default transfer limit for GCM cipherSpecs to 2^24.5 TLS records

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Based on recommendations from MQ's cryptographic function
provider (GSKit), the default data transfer limit for
Galois/Counter Mode (GCM) cipherspecs is reduced to 2^24.5
TLS
records.

The recommended limit of 2^24.5 TLS records is determined by
the IETF CFRG, and is specified in RFC 8446 5.5.

Local fix

  • 



Problem summary


    

  • ****************************************************************
USERS AFFECTED:
Users of MQ who are using a cipherspec which uses a GCM
algorithm for data integrity.

All such cipherspecs have the string _GCM_ within the cipherspec
name, for example TLS_RSA_WITH_AES_128_GCM_SHA256.

A full list of cipherspecs supported by MQ, and the data
integrity algorithm used by each cipherspec, can be found in the
product Knowledge Center under the "Enabling cipherspecs" topic:

https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.1.0/com.
ibm.mq.sec.doc/q014260_.htm


Platforms affected:
MultiPlatform

****************************************************************
PROBLEM DESCRIPTION:
It was previously recommended by MQ's cryptographic provider
(GSKit) that a transfer limit of 2^32 TLS records using the
same session key be applied to TLS connections using a GCM
algorithm, based on NIST recommendation 800-38D. This
recommendation was implemented by MQ.

Following additional clarification in RFC 8446 5.5, this advice
has been updated to recommend a reduction of the limit to
2^24.5 TLS records using the same session key.

    



Problem conclusion


    

  • MQ has implemented the recommendation, and by default TLS
connections using a GCM cipherspec will terminate when the
transfer limit of 2^24.5 TLS records using the same session
key is reached.

Any such termination will be reported in the error log with
error code AMQ9288.

The 2^24.5 transfer limit means 23 726 566 TLS records using
the same session key. As each TLS record has a maximum size of
16KB, this presents a theoretical data limit of 379 625 056 KB,
approximately 362 GB. The amount of data transferred may be
lower, as not all TLS records exchanged on the connection may be
at full capacity.

Customers wishing to use GCM cipherspecs should consider use of
the SSLRKEYC attribute to enforce a session key reset once a set
amount of data has been transferred. As the limit applies to
records with the same session key, resetting the session key
before reaching the limit allows the connection to continue
indefinitely.

Alternatively, setting the environment variable
GSK_ENFORCE_GCM_RESTRICTION=GSK_FALSE in the environment used to
start the queue manager remains valid to disable the reduced
transfer limit.


Note that this change does not affect MQ on IBM i. On IBM i, the
GSKit configuration is maintained at the system level and should
be configured as described in the IBM i system administration
guidance.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v9.0 LTS   9.0.0.11
v9.1 LTS   9.1.0.6

The latest available maintenance can be obtained from
'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available information on
its planned availability can be found in 'WebSphere MQ
Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT33239
    • 

  • Reported component name
    IBM MQ BASE M/P
    • 

  • Reported component ID
    5724H7261
    • 

  • Reported release
    900
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-06-17
    • 

  • Closed date
    2020-07-10
    • 

  • Last modified date
    2020-07-20
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IBM MQ BASE M/P
    • 

  • Fixed component ID
    5724H7261
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            21 July 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback